Things You Should Know
About Viruses, Worms and
Extensions in E-mails...

by Karen Kenworthy

As you well know, a new computer virus has been making the rounds.

This one travels in e-mail messages with a subject line of "ILOVEYOU". The text of the message is just a single sentence reading "kindly check the attached LOVELETTER coming from me."

This message seems innocent enough, if a bit juvenile. In fact, if you simply read this letter, no harm is done. What makes this missive dangerous is a file that's attached, named LOVE-LETTER-FOR-YOU.TXT.vbs.

At first glance, the file seems harmless. Its name seems innocent enough. It even has a .TXT extension, indicating it's a simple text file. But when you look closer you realize that .TXT isn't the extension. Instead it's a part of the file's name. The file's extension is actually ".vbs". And unbeknownst to a lot of folks, .VBS files are programs, written in a dialect of Visual Basic known as VBScript.

Open or double-click a .VBS file, and the program inside it runs.

And this particular program is destructive. It overwrites the contents of several files on your hard disk, attempts to download another file from the Internet, and writes new information to your Registry. It also e-mails copies of itself to everyone in your Outlook or Outlook Express address book.

Executable Files

We all remember our Moms' advice: "Never run a mystery program." And if the Love Bug virus had been stored in file with a filename extension of .EXE, like most programs, few people would have been bitten. But other types of files are programs too. All can run under Windows, and each can wreak havoc with your computer. Here's a list of filename extensions to watch out for:

.EXE -- This is the most common type of program file. It can contain 16- or 32-bit Windows programs or DOS programs.

.COM -- This type of file can only contain 16-bit DOS programs. But they can be just as destructive as a malicious EXE file.

.BAT -- These text files contain lists of DOS commands. These commands can launch other programs, rename and delete files, and perform other potentially destructive acts.

.CMD -- same as .BAT files, but only run under Windows NT and Windows 2000.

.PIF -- A Program Information File. It provides information about a DOS program, such as how much memory it needs, how it accesses the screen, etc. Open or run a PIF file, and its associated .EXE, .COM or .BAT file is executed.

.VBS -- A text file containing a program written in the VBScript language. They are 32-bit Windows programs, and can do anything an EXE program can.

.VBE -- A VBScript (.VBS) file that has been encoded to prevent you and I from seeing its true contents. The authors of the Love Bug virus originally intended to distribute their program as a .VBE file, to hide its purpose. But they discovered this file format is only recognized by Windows 2000, and older versions of Windows that have been specially upgraded to Windows Scripting Host v2.0.

.JS -- Same as .VBS, except the program stored in the file is written in the JavaScript or Jscript programming language.

.JSE -- A JavaScript or Jscript (.JS) file that has been encoded to prevent you and I from seeing its true contents.

.WSH -- A text file that contains settings used when running a particular script. Open or run this file, and its associated script file (.VBS, .VBE, .JS or .JSE) will be executed.

.WSF -- A file containing scripts, data and other information in the XML (extensible Markup Language).

Other types of files, while not exactly programs, can cause damage if opened or double-clicked. For example, .REG files contain information that is automatically copied to your Windows Registry Installation information files, those with names ending in .INF, contain information describing how a program or driver should be installed. This includes lists of files to be copied, and even Windows Registry entries to be added, changed or deleted. Opening or double-clicking either of these types of files can have undesired consequences.

Remember also that a filename's extension is not always visible. It's possible to ask Windows to hide common filename extensions. As a result, a file named "Text.txt" might appear in a file open dialog, a Windows Explorer window, or elsewhere simply as "Text." The only clue to its extension might be the file's icon, and even that can be altered.

Precautions

It might seem that the computer world is full of potentially harmful files -- programs in various forms that can destroy our precious data in a few moments time. And of course, that's true. There's no shortage of destructive programs, or little people who'll write new ones.

So, should we turn off our computers and use them as doorstops? That provides complete protection from computer viruses, and many other plagues of our information age too. But it's possible to use our computers, and communication marvels such as e-mail, safely. The trick is skepticism.

Look at every new file as if it's a potential virus. If it's supposed to be a text file, don't double-click it. Instead, open it safely with Notepad. If a file claims to contain an image, open it with an image viewer such as Windows Paint, or even your favorite Web browser (ever notice the "Open" choice in its File menu?).

Better yet, just leave the unknown file alone. Sure, maybe it contains a joke, recipe, picture, or greeting card that will change your life. But probably not. If you don't really know what a file will do when opened, don't even try to find out. There are safer ways to spend your time, such as walking along the street picking up and eating each small object you find. :)

Karen Kenworthy is a computer programmer and software designer. She also writes a column for Winmag.com, and has a free e-mail newsletter filled with good information pertaining to computers and the internet. She also offers a host of shareware powertools at her Winmag home page,http://www.winmag.com/columns/powertools.

To subscribe to her newsletter, go to http://www.winmag.com/subscribe.

Top of Page